Does past AdventNet advice violate security stds?
I asked a question earlier this week which has gone unanswered, pertaining to the scanning of a network for asset tracking, when you have a firewall from XP in place. I asked about what particular ports and numbers I should open up to allow for such scanning.
I found several references for solving this type of problem going back to this article:
http://forums.manageengine.com/viewtopic.php?t=
That article is summarized by saying that you should open DCOM on workstations.
In 2003, the Blaster Worm (and several variants) blew through the Microsoft world and took down systems at a very high rate of speed.
The following bulletin was given by Microsoft (along with patches):
http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
Which was later superceded by this article from Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS03-039.mspx
That article summarized says to close off DCOM.
So, does anybody have a solution for what I should SAFELY do to allow for scans to determine our assets? (I won't go into the need for SSL logins and scans, as that's been hashed out here. But as a contractor, I promise I won't fire up ethereal either to snoop domain admin and user passwords. :-) )
Justin Masters, CISSP
I found several references for solving this type of problem going back to this article:
http://forums.manageengine.com/viewtopic.php?t=
That article is summarized by saying that you should open DCOM on workstations.
In 2003, the Blaster Worm (and several variants) blew through the Microsoft world and took down systems at a very high rate of speed.
The following bulletin was given by Microsoft (along with patches):
http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
Which was later superceded by this article from Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS03-039.mspx
That article summarized says to close off DCOM.
So, does anybody have a solution for what I should SAFELY do to allow for scans to determine our assets? (I won't go into the need for SSL logins and scans, as that's been hashed out here. But as a contractor, I promise I won't fire up ethereal either to snoop domain admin and user passwords. :-) )
Justin Masters, CISSP
